FireCrypt ransomware emerges with DDoS launching capabilities

Security researchers have reportedly uncovered connections with the Deadly for a Good Purpose Ransomware.

FileCrypt’s authors are currently believed to be demanding $500 in Bitcoins from their victimsiStock

A new ransomware strain uncovered by security researchers, dubbed FireCrypt, reportedly comes with features which allow the ransomware to launch relatively small-scale DDoS attacks. FireCrypt was found to share several similarities with a previously uncovered ransomware strain called Deadly for a Good Purpose, indicating that the two may be linked, according to a report.

According to security researchers at the MalwareHunterTeam, who recently spotted FireCrypt, the ransomware has an almost identical ransom note as that of the Deadly for a Good Purpose ransomware. The two also reportedly share the same email and Bitcoin addresses, leading researchers to believe that FireCrypt may be an improved and modified version of the original Deadly for a Good Purpose ransomware, according to a report by Bleeping Computer.

As is usual, once victims' files have been encrypted, the ransomware serves up a ransom note. FileCrypt's authors are currently believed to be demanding $500 (£406) in bitcoins from their victims.

FireCrypt's source code comes with a function that allows it to seamlessly connect to a URL and download and store its contents. Researchers uncovered that the ransomware downloads the contents of the official portal of Pakistan's Telecommunication Authority. The ransomware's author/authors have reportedly dubbed this feature as a "DDoSer".

There currently appears to be no known way to recover files encrypted by the FileCrypt ransomware. However, reports speculate that a decrypter may soon be made public.

According to researchers, the ransomware's code indicates that the authors may have some experience in developing malware. However, the identity of the cybercriminals remains unknown. It is also unclear as to how many victims the ransomware may have already successfully infected.